
When you have a router with multiple WANs, LANs and VPNs etc., routing can get a bit complicated.

For example, how do you tell traffic to go via WAN2 (or 3 or whatever) instead of WAN1 if it is really down (define really down)? So you create a rule that says that all inbound on LAN is routed via a failover thing. That's fine, but now you've broken RFC1918 routing. You try to connect to a remote site via 192.168.lol and it's fucked.

So you now create a rule that forces 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 to be routed via the usual routing table and after that you have a rule that worries about internets and multi WAN. Simples.

No of course it isn't that simple but it is quite close and good enough mostly!

There are several problems in search of a solution here. Is a WAN down? Usually you ping something. What do you do if the thing being pinged is down but the link is actually available and how do you deal with that? It gets to charts of risk/reward at this point.
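The rule ordering described in the comment above, sketched as an added example that is not part of the original thread: a first-match policy table where the RFC1918 bypass sits ahead of the multi-WAN failover rule. The rule names, the `route`/`pick_wan` helpers, the probe data and the "down only when no monitor target answers" policy are all assumptions made for illustration.

```python
import ipaddress

# The three private ranges named in the comment.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Ordered, first-match rules: (hypothetical name, destinations, action).
RULES = [
    ("private-bypass", RFC1918, "routing-table"),    # normal routing table
    ("internet-failover", ANY, "failover-group"),    # multi-WAN selection
]

def link_is_up(probe_results, min_ok=1):
    """Assumed policy: a WAN is down only if fewer than min_ok targets answer,
    so a single dead monitor target does not take the link out of service."""
    return sum(1 for ok in probe_results.values() if ok) >= min_ok

def pick_wan(wan_probes, priority):
    """Return the first WAN in priority order whose monitors say it is up."""
    for wan in priority:
        if link_is_up(wan_probes[wan]):
            return wan
    return None  # every WAN failed its checks

def route(dst, wan_probes, priority=("WAN1", "WAN2"), rules=RULES):
    """Evaluate rules top to bottom and return (rule name, egress decision)."""
    addr = ipaddress.ip_address(dst)
    for name, nets, action in rules:
        if any(addr in net for net in nets):
            if action == "routing-table":
                return (name, "routing-table")
            return (name, pick_wan(wan_probes, priority))
    return (None, None)

# Constructed probe results (documentation addresses as monitor targets).
PROBES_ONE_TARGET_DEAD = {
    "WAN1": {"192.0.2.1": False, "198.51.100.1": True},
    "WAN2": {"192.0.2.1": True, "198.51.100.1": True},
}
PROBES_WAN1_DOWN = {
    "WAN1": {"192.0.2.1": False, "198.51.100.1": False},
    "WAN2": {"192.0.2.1": True, "198.51.100.1": True},
}

if __name__ == "__main__":
    print(route("192.168.10.5", PROBES_WAN1_DOWN))             # stays private
    print(route("203.0.113.10", PROBES_WAN1_DOWN))             # fails over
    print(route("192.168.10.5", PROBES_WAN1_DOWN, rules=RULES[::-1]))  # broken order
```

Reversing the rule list reproduces the breakage the comment describes: traffic for a private remote site matches the failover rule first and is pushed out a WAN.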



Huh? If you have multiple WANs, presumably you’re running an actual routing protocol (BGP if WAN means WAN) and it’s solving your routing question based off of its configuration and the routes announced by its peers.

Also, I hope you’re not relying on ICMP to tell you meaningful things about your relationship with the internet. It lies.


No, if you know at all what you're doing in something that complicated, you're running an actual routing protocol, and none of this ping trash.



